2 Replies Latest reply on Sep 9, 2008 7:53 AM by nofreak

    SPNEGO Rich Client Support

    nofreak
    nofreak Sep 9, 2008 5:59 AM

      Hi,
      do anybody know whether there is a way to use the JBoss Negotiation projekt to use with a rich client instead of a web client? It means the, the transfer of the Kerberos Ticket don't be executed by the browser but by the Rich Client by JAAS loginModule...

      • 1602 Views
      • Tags:
        • 1. Re: SPNEGO Rich Client Support
          dlofthouse
          dlofthouse Sep 9, 2008 6:31 AM (in response to nofreak)

          No that feature is not currently available as we have been focussing on the Web invocations.

          The following Jira would add this if there is demand: -

          https://jira.jboss.org/jira/browse/SECURITY-130

          Please feel free to vote for the issue and add as a comment the scenario you are looking at.

            • Actions
          • 2. Re: SPNEGO Rich Client Support
            nofreak
            nofreak Sep 9, 2008 7:53 AM (in response to nofreak)

            Because i have written my own Kerberos based JAAS LoginModules (slient and serverside).

            Know i'am searching a way to use the protected EJB's from a webUI. The EJB's have to be protected by one security-domain which handles the rich-client invokes and there (Kerberos based) authentication. But furthermore i need to invoke the same EJB's by a webUI...and here i would use the SPNEGO implementation...but I don't how i could implement an alternative JAAS authentication or security-domain for only one EJB.

            My idea seems to me like following:
            If the user use the WebUI, the authentification should be based on SPNEGO or maybe a simple DB authentification. If the other Rich Clients invoke the EJB's the authentification should be based on my own Kerberos authentification.

            Are there any ideas? Or is there no way to protect one EJB with different alternative security-domains?

              • Actions